-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 May 2026 20:45:00 +1000 Source: nagios4 Binary: nagios4 nagios4-cgi nagios4-cgi-dbgsym nagios4-core nagios4-core-dbgsym Architecture: riscv64 Version: 4.4.6-4.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: riscv64 Build Daemon (rv-osuosl-02) Changed-By: Russell Stuart Description: nagios4 - host/service/network monitoring and management system nagios4-cgi - cgi files for nagios4 nagios4-core - host/service/network monitoring and management system core files Closes: 1136340 Changes: nagios4 (4.4.6-4.1+deb13u1) trixie-security; urgency=high . * CSRF Security Fix backported from upstream 4.5.12 commit e5ed38e53a5d65721520c7c67be0746d63da28cb (cgi/cmd.c and html/index.php.in). See https://www.nagios.com/security-disclosures/nagios-core/4-5-12/ for the upstream disclosure. No CVE assigned. Closes: #1136340. * This can break third party integrations that POST to cmd.cgi without first setting NagFormId (the CSRF check fails). Upstream PR 1055 has been added as a workaround - see README.Debian. Checksums-Sha1: 5483fa71e1aa90b28361ac672fbbebe067b571a4 5466928 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb e23dbbabb67eb15419005782480e52159dbef921 1342892 nagios4-cgi_4.4.6-4.1+deb13u1_riscv64.deb fcf7066cbb58346739fc4c95aa1cfd792adab8e9 718272 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb 7eb245aecededd9f24f3c31822c38bbe4cd52d81 257528 nagios4-core_4.4.6-4.1+deb13u1_riscv64.deb 3a5589ed96606992abb3656eeb7d9f4d0d46d772 10160 nagios4_4.4.6-4.1+deb13u1_riscv64-buildd.buildinfo d6d34969554f7567c8278e27aadf25ec6d8f3b4e 16412 nagios4_4.4.6-4.1+deb13u1_riscv64.deb Checksums-Sha256: c9eb5d8dc535fa35de33ddaae315073d5d7fce0f90adc9a9a985d15a6ad1cc60 5466928 nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb 5f5e20532109009051f5e9a591906e71a38dfcb95ba6e8d767260beacbf0cd06 1342892 nagios4-cgi_4.4.6-4.1+deb13u1_riscv64.deb 8a40aca141b0d8f9544f8d8c33822d9bc8defd444ced9fcdc8c85ca68fff37c8 718272 nagios4-core-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb df31f15b95b7849bec766bb2aaa274301741c179deb9e83dd15ef0651ff9f1ca 257528 nagios4-core_4.4.6-4.1+deb13u1_riscv64.deb 1402a9b55cf16c0f6f65c02b22ae4fb7fe9650af1f139d1c5971d2914e66e28f 10160 nagios4_4.4.6-4.1+deb13u1_riscv64-buildd.buildinfo 101fb5ce88496fe5c34c21d1aa9ccc2e7e315373e3a71d2f157663414ee3435a 16412 nagios4_4.4.6-4.1+deb13u1_riscv64.deb Files: e23cd15c76ed691728e38993e69c79a9 5466928 debug optional nagios4-cgi-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb eed4fa1546845ed014e3970dcb05d970 1342892 net optional nagios4-cgi_4.4.6-4.1+deb13u1_riscv64.deb 1e58db2b3c9871af339fe201171d895b 718272 debug optional nagios4-core-dbgsym_4.4.6-4.1+deb13u1_riscv64.deb 47062b1b8d38a7d43602c8febd922314 257528 net optional nagios4-core_4.4.6-4.1+deb13u1_riscv64.deb ce7ea908c28f0bd63676d023f0490501 10160 net optional nagios4_4.4.6-4.1+deb13u1_riscv64-buildd.buildinfo df7b5a06a30a00d9ea7114079a0a9d05 16412 net optional nagios4_4.4.6-4.1+deb13u1_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/AxPdLOtOshqz3vw/Fc5EAGpa+sFAmoVaisACgkQ/Fc5EAGp a+sKqBAAjF3krxgMRx9fB8yEwZvaZUgW2kCxl51qNuavXnQvhAIzl8akbT1HD6rk F+ajJYNDxNe4/ewPvWyA4XuyVt55r4IBi/DU7Gc54F47LZmY8bkI8bHSdF4mF0Pv 0ql7khK7JtNkr8rf7axpPbBgD1yuHM9cXhsagS7STuyLq1d/3nMpLxCc6O4w1WNA WBWfjzXogCOOounrzB/sUtalPVe376cdWY85uhQYNQXhQqE82Wakd55tKyZVsrjM aaTFAjsnlrhimVfYATnEJNGxDodhNXZAim9YjJhtA8r0yhZ1xbMTVFEncheAdDHP A1YfNO2KtTrGVUYErOzG4teNzdSteHQi7DGqVvGE6lsvlJfEc9E8uphL0cXDhyai iuqJ0aqtPXbSl0xjGM8dC12zY8zLtBGkf62hNg98kvga8yuWYmBKpCQu7zTQrDwQ KJUiNq6iNZbuPsdfbtL1jpRgttzTBpA+Gzug8fBFT9HQAFSi8BfuxJQ6KpzN5UE8 ikRbVnci5+J3BXm6iscdXna+j4fMA0zRvocAwYGGWE9eHQrmjKDc16fo/RokaAWT Tf96sYlmj/uzmfXn5xM/iBVa59RjYO8fVMOLKxq5BGw2nn9vYIW23S97KpmByvhZ SITzntsUM+eEcM+FbQyWNjXjm7MQ/N+HgdRAOAIMYnFkWovNYC0= =tIsi -----END PGP SIGNATURE-----